Dynamic management of capabilities in a network aware coordination language

We introduce a capability-based access control model integrated into a linguistic formalism for modeling network aware systems and applications. Our access control model enables specification and dynamic modification of policies for controlling process activities (mobility of code and access to resources). We exploit a combination of static and dynamic checking and of in-lined reference monitoring to guarantee absence of run-time errors due to lack of capabilities. We illustrate the usefulness of our framework by using it for implementing a simplified but realistic scenario. Finally, we show how the model can be easily tailored for dealing with different forms of capability acquisition and loss, thus enabling different possible variations of access control policies.